Portmaster and SPN by Safing.io

Well, thanks, that works,

we maybe have to add to ignore the “Danger incoming setting notification” afterward and click it away, because the rule of * takes care of that…

  • I was sure those rule settings didn’t work out at my first try, but maybe I didn’t have it set up the same on both PCs…

[ EDIT ] syncthing Global Discovery has to stay on!
or
add the LAN IP from Portmaster filter as well to the rules, even with localhost already in the incoming allow settings.

In no Portmaster review do I read about the 14 Eyes countries Surveillance Alliance. I guess I need to understand that Portmaster is set up differently than VPNs.

But what is that fundamental difference, that - despite the fact that Portmaster is located in Austria (*) - the privacy for my data is 100% guaranteed anyway?

(*) I think Austria is part of the 14 Eyes countries Surveillance Alliance.

I think you’re being paranoid. It’s only Five Eyes — USA, Canada, UK, Australia and New Zealand. :stuck_out_tongue:

:arrow_down:

Australia (:australia:) is the country with the kangaroos, the koalas, the kookaburras, the platypuses, the Tasmanian devils, and the most dangerous spider in the world, i.e. the Australian redback spider.

Austria (:austria:) is that country with the drunken guys in lederhosen who spend their days yodeling in the mountains. :stuck_out_tongue:

1 Like

no eyes in Austria … :disguised_face:

2 Likes

Ah okay. This surprises me, because I estimated that the European Union would count as one nation.

1 Like

Please describe your attack scenario. What do you do and against whom do you want “privacy”? NSA, Google, your ISP, your government, another government, or your spouse? Often they contradict each other and sometimes you even make it worse.

@mithrial: I remember how a government once knocked on Proton’s door to see the mail of a Proton customer. I believe it was a political activist. But Proton provided only minimal information.

I do follow the geopolitical news myself. But otherwise my surfing behavior is quite harmless. But just as well I’m deepening myself, how I can upgrade my privacy to a higher level. That’s also one of the reasons why I’m going to switch to Linux one of these weeks. And also with interest look at the Ubuntu Touch phones. I have the impression that it is more user-friendly than GrapheneOS.

I tried Portmaster, it refused to start on my system. I removed it and installed Open Snitch, which works just fine.

Just for people playing Sea of Thieves game, if you enabled Filter Lists, you will probably be unable to play. Here is what I found was blocking the game, see the image:

The first list [1] blocks the menu login.
The second list [2] blocks the ability to join an online game from menu.

To disable them only for the game, in the Dashboard, click on the Wine64 Preloader application (the one corresponding to your game, it may vary depending how you launch the game and the version of WINE/Proton you’re using), then click on Settings, then click on Filter Lists, and then un-tick these two lists so it will stop blocking Microsoft’s servers for the game.

After both lists are disabled, start the game and enjoy (I noticed disabling them after the game is started doesn’t help, you need to restart the game).

Since lists are being mentioned, I figure I finally pop the question that has been on my mind for a month or two.

A while ago, I started noticing NOTHING is being blocked on my pihole from one client, my computer.
That was not the case before and I have changed nothing in portmaster or the pihole/unbound setup, but has been updated a few times ofc.

Since I want ALL TRAFFIC to go through my pihole and unbound setup, I use dns://192.168.1.20?name=piHole as the only dns server in portmaster and that used to work, but nothing gets blocked any more, and I tend to see more commercials, but this is VERY hard to test.
ALL other clients on the network are getting blocked just fine by the pihole.
If I disable portmaster, pihole starts blocking my computer again.
This can mean 2 things.

  1. Things are leaking outside of my defined DNS.
  2. The portmaster blocklists have suddenly become extremely efficient.

Using drill I can see portmaster is indeed blocking things that should absolutely be blocked, but I can’t really do this to the hundreds of thousands of url:s in my pihole blocklists.
If I disable portmaster, the same drill command shows pihole taking over the blocking.

So, question 1.
Where are the logs that show requests from my computer that portmaster blocks so I can compare to my logs on my pihole?

Question 2.
Where can I find the actual block lists portmaster is using?

Thanks in advance.

I think you need to be a customer for the network history (above the 10 minutes available in the GUI).

Ok, so paywall for logs, nice… :frowning:

What about the block lists? Where do I find them?

I can tell you this, this does NOT give me peace of mind, quite the contrary actually. :frowning:
And being forced to pay for something so trivial as logs is not a good look imho.
I’m a whale when it comes to donating to deserving software providers, but I gtfo if things start to get forced onto me.
This is not good.

Edit
I just found this.
Not sure if it is accurate 100% but the comment:

Portmaster always resolves the DNS so that you get all the information.

… does not sound good to me.
https://www.reddit.com/r/safing/comments/11gwr43/portmaster_still_leaking_traffic/

Maybe here: GitHub - safing/intel-data: 🔥 Filterlists and intelligence data 🚥 I don’t know, took me a couple of minutes to find that when I actually searched for it

About the log file, maybe there are some, for example in the log folder of PortMaster /opt/safing/portmaster/logs/, just that to access the advanced database with all bells and whistles about application details and all, apparently it needs the subscription.

I don’t believe it is too much to have features behind paywall, if you like the tool and it helps you.
I know we all love having free everything, but the reality of software development is that it is not free. Part of the features are given to us, with an open source project, some features are paid. That’s it.

1 Like

1: Switch “Simple interface” to “Advanced interface”

2: and 3: There are many different lists in each menu. Click “Expand” to show all different lists.

4: Touch any list to view its link. Click this link to see where ad source comes from.

AFAIK, portmaster uses block lists from git sources for example:

  • Tiuxo’s Ads List:

Great job! Did you also check the contents of the lists that you so GREATLY found (I also found them, that is why I asked) or you are more interested in acting like an ass??

Let’s check the ads-list:

# Copyright by Intel-Data Authors
# Managed by Safing at https://github.com/safing/intel-data
# License: CC-BY-SA-4.0

analyticsnew.overwolf.com # Overwolf ads & tracking
tracking.overwolf.com     # Overwolf ads & tracking

Ok…?? Seems great!

What about the fraud list??

# Copyright by Intel-Data Authors
# Managed by Safing at https://github.com/safing/intel-data
# License: CC-BY-SA-4.0

marketmetrics.digital #1 - Target: Github SSH Keys for Handshake Airdrop

Maybe I’m just unlucky, what about the malware.txt

# Copyright by Intel-Data Authors
# Managed by Safing at https://github.com/safing/intel-data
# License: CC-BY-SA-4.0

# Domains used be the malicious new maintainer of the "The Great Suspender" Browser Extension.
# Ref: https://github.com/greatsuspender/thegreatsuspender/issues/1263
owebanalytics.com
trckpath.com
static.trckpath.com
trckingbyte.com
static.trckingbyte.com

# Malicious Cookie Stuffing Chrome Extensions
# 31.08.2022
# Ref: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
netflixparty1.com
netflixpartyplus.com
flipshope.com
goscreenshotting.com
langhort.com
unscart.in
autobuyapp.com

WOW! 12 url:s!!!
And McAfee as source. WTF?!?!

If these are the lists portmaster is using, It’s a JOKE!!!
Compared to my hundreds of thousands of url:s in the maintained lists I’m using on the completely free software pihole. LMAO

You were saying?

@Zesko if you see a link to anything containing any lists there, you either have a paid version or my install is broken, I see exactly what you took a screenshot of, but what that does (ie the lists of url:s) are nowhere to be found. And like above, did you check the content of the lists on the github?

Blocking ports, sure, it’s a great software for that.
Remove the blocking and make that paywalled as well then, only leave the port free, that would solve everything and I would even agree to it, but half-assing something and then luring ppl in and then when things that SHOULD be available in free version are behind a paywall, I see that as pretty trashy.

They advertise portmaster as free for blocking ports AND filter lists.
Paywall for network history (not what I’m looking for), bandwidth visibility, safing support and safing privacy network.

Subscription model, yeah, we all love that right?

Portmaster seems to leak traffic, that to me is the opposite of what a program like this should do.
What it does is remove the “protection” you have implemented on your network (bypassing pihole) AND stop blocking. Seems great!

1 Like

I did not check all content of many blocklists. But why should I check them?
If you think that the blocklist is not enough, you can add your own custom blocklist.txt in Portmaster setting → Custom Filter List.

That’s simple.

Yeah, no thank you, I have a setup where the filter lists are maintained automatically just fine on pihole, I don’t want to maintain the lists. That’s kinda the whole point with filter lists.

To make sure they actually block something? LMAO

For other users of this software.

If I disable everything in Filter lists and DNS filtering, the interface STILL reports “active” and I get response 0.0.0.17 and if I understand that correctly, the response should be 0.0.0.0, it seems portmaster is leaking somewhere and I have no idea how to disable privacy filter.
If I disable the portmaster service completely, I get 0.0.0.0 and I can see the block on my pihole logs.

This is with EVERYTHING except port blocking disabled in portmaster:

drill flurry.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56429
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 
;; QUESTION SECTION:
;; flurry.com.  IN      A

;; ANSWER SECTION:
flurry.com.     1       IN      A       0.0.0.17

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:
info.portmaster.        0       IN      TXT     "blocked: query was blocked by upstream DNS resolver piHole (dns://192.168.1.20:53#config)"

;; Query time: 12 msec
;; SERVER: 192.168.1.20
;; WHEN: Tue Oct 24 15:54:35 2023
;; MSG SIZE  rcvd: 171

Portmaster turned off:

drill flurry.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 15860
;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; flurry.com.  IN      A

;; ANSWER SECTION:
flurry.com.     2       IN      A       0.0.0.0

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 1 msec
;; SERVER: 192.168.1.20
;; WHEN: Tue Oct 24 15:56:04 2023
;; MSG SIZE  rcvd: 44

Idk, I don’t feel “safe” at all.
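Added example (not part of the original posts and not Portmaster's or Pi-hole's code): a small parser for the two drill captures above that reports which address came back, whether it falls in the unroutable 0.0.0.0/8 range, and which component the `info.portmaster.` TXT record names as having blocked the query. The `classify` function, its field names, and treating any 0.0.0.0/8 answer as a sinkhole are assumptions of this example; the TXT pattern is matched only against the one string shown in the post.

```python
import ipaddress
import re

# Captures copied from the two drill runs in the post (record lines only).
WITH_PORTMASTER = """\
;; ANSWER SECTION:
flurry.com.     1       IN      A       0.0.0.17
;; ADDITIONAL SECTION:
info.portmaster.        0       IN      TXT     "blocked: query was blocked by upstream DNS resolver piHole (dns://192.168.1.20:53#config)"
"""
WITHOUT_PORTMASTER = """\
;; ANSWER SECTION:
flurry.com.     2       IN      A       0.0.0.0
"""

NULL_NET = ipaddress.ip_network("0.0.0.0/8")  # reserved block, never routable
RR = re.compile(r'^(\S+)\s+\d+\s+IN\s+(A|TXT)\s+(.+)$')
UPSTREAM = re.compile(r'blocked by upstream DNS resolver (\S+) \((\S+)\)')


def classify(drill_output):
    """Summarise one drill capture: what was answered and who decided it."""
    result = {"addresses": [], "sinkholed": False, "answered_via": "resolver",
              "decided_by": None, "upstream": None, "note": None}
    for line in drill_output.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # ';;' header and section-title lines carry no record
        name, rtype, rdata = m.groups()
        if rtype == "A":
            result["addresses"].append(rdata)
        elif name == "info.portmaster.":
            # Annotation record present only in the capture taken with Portmaster on.
            result["answered_via"] = "portmaster"
            result["note"] = rdata.strip('"')
            up = UPSTREAM.search(result["note"])
            if up:
                result["decided_by"], result["upstream"] = up.groups()
    result["sinkholed"] = bool(result["addresses"]) and all(
        ipaddress.ip_address(a) in NULL_NET for a in result["addresses"])
    if result["sinkholed"] and result["decided_by"] is None:
        # No upstream attribution: the block came from whoever answered.
        result["decided_by"] = result["answered_via"]
    return result


if __name__ == "__main__":
    for capture in (WITH_PORTMASTER, WITHOUT_PORTMASTER):
        print(classify(capture))
```

Piping live `drill` output into `classify` for a sample of blocklisted names gives the per-query attribution that would otherwise have to be read off each TXT record by hand.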

Yes, of course. Can you test it? I haven’t used Pihole for a long time.

I copy the untrusted URLs.

I am trying to play ping flipshope.com in VM as guest using NAT, this URL is actually blocked by Portmaster in my host.

It seems you misunderstand.
I want to utilize my hundreds of thousands of url:s in the pihole’s blocklists, not the portmaster lists that apparently usually contain less than 10 urls.

And if I try to DISABLE portmaster list blocking, it still leaks outside of my designated DoH configured DNS (pihole)

I posted the drill commands above, the first should also report 0.0.0.0

Edit
These are also mentioned in the documentation, I actually missed that. No idea how they are implemented though (ie, how do I disable them? Do I have to manually edit sources.yml?), but fair should be fair.

Where did you set the DNS?